Docker 部署 ELK


部署

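# Open the ELK ports in firewalld, limited to the network that needs them.
# 9200/9300 are Elasticsearch itself and 5601 is Kibana; authentication is not
# enabled until a later step of this guide, so opening them to every source in
# the public zone exposes an unauthenticated cluster.
# TRUSTED_NET is a constructed example value - replace it with your own subnet.
TRUSTED_NET="192.168.0.0/24"
# 9200 ES HTTP, 9300 ES transport, 5601 Kibana, 5044 Beats input, 5045 TCP/JSON input
for port in 9200 9300 5601 5044 5045; do
  firewall-cmd --zone=public --permanent \
    --add-rich-rule="rule family=\"ipv4\" source address=\"${TRUSTED_NET}\" port port=\"${port}\" protocol=\"tcp\" accept"
done
systemctl reload firewalld
# NOTE: ports published with `docker run -p` are forwarded by Docker's own
# iptables rules and may stay reachable regardless of the firewalld rules above.
# Check from a host outside TRUSTED_NET that the ports are really closed.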

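# Pull the image
# Without a tag this resolves to :latest, so a later pull can silently bring a
# different Elastic Stack version. Pinning a specific tag (or digest) keeps the
# deployment reproducible and makes upgrades a deliberate step.
docker pull sebp/elk

# Raise the mmap limit for Elasticsearch.
# `sysctl -w` only lasts until the next reboot, so also write the value to
# /etc/sysctl.d where it is applied again at boot.
sysctl -w vm.max_map_count=262144
echo 'vm.max_map_count=262144' > /etc/sysctl.d/99-elasticsearch.conf

# Default run
# -p HOST:CONTAINER publishes on every host interface. At this point no
# authentication is configured, so anyone who can reach the host on 9200, 9300
# or 5601 has full access. Use a trusted network only, or prefix a port with a
# bind address (e.g. -p 127.0.0.1:9200:9200) until security is enabled.
docker run -d -e ES_JAVA_OPTS="-Xms256m -Xmx256m" -p 5601:5601 -p 5044:5044 -p 9200:9200 -p 9300:9300 -it --restart=always --name elk sebp/elk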

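# Run with host directories mounted
## Create the host directories for the mounts
## (elasticsearch/plugins is where the ik analyzer plugin goes)
mkdir -p /home/elk/elasticsearch/data /home/elk/elasticsearch/plugins /home/elk/logstash /home/elk/kibana
## Copy the default configuration out of the existing container
docker cp elk:/etc/logstash/conf.d/ /home/elk/logstash/conf.d
docker cp elk:/opt/kibana/config/ /home/elk/kibana/conf
docker cp elk:/etc/elasticsearch/ /home/elk/elasticsearch/conf
## Permissions
## Do not chmod 777 these files: that makes elasticsearch.keystore and the
## config files (which later hold passwords) readable and writable by every
## local user. Instead, hand each tree to the uid/gid its service uses inside
## the container and remove access for everyone else.
## Assumes the image has users named elasticsearch, logstash and kibana -
## confirm with `docker exec elk getent passwd`.
for svc in elasticsearch logstash kibana; do
  uid="$(docker exec elk id -u "$svc")" && gid="$(docker exec elk id -g "$svc")" || {
    echo "user $svc not found in container elk; set ownership of /home/elk/$svc manually" >&2
    continue
  }
  chown -R "${uid}:${gid}" "/home/elk/$svc"
  chmod -R u=rwX,g=rX,o= "/home/elk/$svc"
done
## Variant A: plain start without mounts.
## The container from the default run still holds the name "elk", so it has to
## be removed before a new one can be created under that name.
docker rm -f elk
docker run -d \
-e ES_JAVA_OPTS="-Xms256m -Xmx256m" \
-p 5601:5601 -p 5044:5044 -p 5045:5045 -p 9200:9200 -p 9300:9300 \
-it --restart=always \
--name elk sebp/elk
## Variant B: start with the host directories mounted (use this instead of A).
## As in the default run, every -p port is published on all host interfaces.
docker rm -f elk
docker run -d \
-e ES_JAVA_OPTS="-Xms256m -Xmx256m" \
-p 5601:5601 -p 5044:5044 -p 5045:5045 -p 9200:9200 -p 9300:9300 \
-it --restart=always \
-v /home/elk/elasticsearch/data:/var/lib/elasticsearch \
-v /home/elk/elasticsearch/conf:/etc/elasticsearch \
-v /home/elk/elasticsearch/plugins:/opt/elasticsearch/plugins \
-v /home/elk/logstash/conf.d:/etc/logstash/conf.d \
-v /home/elk/kibana/conf:/opt/kibana/config \
--name elk sebp/elk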

# Open an interactive shell inside the container
docker exec --interactive --tty elk /bin/bash

# Edit the Beats input file. With the mounted variant the same file is
# /home/elk/logstash/conf.d/02-beats-input.conf on the host.
vim /etc/logstash/conf.d/02-beats-input.conf
# Content to add
# Both listeners are declared in one input section; Logstash treats this the
# same as two separate input blocks.
input {
  # Beats listener with TLS.
  # NOTE(review): if this certificate and key are the pair that came with the
  # image, the private key is not a secret - generate your own pair before
  # relying on it.
  beats {
    port            => 5044
    ssl             => true
    ssl_certificate => "/etc/pki/tls/certs/logstash-beats.crt"
    ssl_key         => "/etc/pki/tls/private/logstash-beats.key"
  }
  # JSON-lines listener used by the Spring Boot appender.
  # It listens on every interface with no TLS and no authentication: any host
  # that can reach 5045 can inject events, and log content crosses the network
  # in cleartext. Restrict who can reach the port, or enable TLS on this input
  # and on the sending appender together.
  tcp {
    mode  => "server"
    host  => "0.0.0.0"
    port  => 5045
    codec => json_lines
  }
}
filter {
  # appName becomes part of the index name, so it is lower-cased here
  mutate {
    lowercase => ["appName"]
  }
}

# 设置为中文
## 编辑kibana.yml(可以用whereis kibana.yml查询)
vim /opt/kibana/config/kibana.yml
## Add the following settings:
# UI language
i18n.locale: 'zh-CN'
# URL under which users reach Kibana.
# NOTE(review): localhost only matches when the browser runs on the Kibana host - confirm.
server.publicBaseUrl: 'http://localhost:5601/'

# 设置密码 默认es用户名为elastic,logstash用户名为logstash_system,kibana用户名为kibana
## https://www.cnblogs.com/liangyou666/p/10597093.html
## https://www.cnblogs.com/snail90/p/11444393.html
## https://blog.csdn.net/weixin_43315211/article/details/99677072
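# Enable authentication
## Inside the container run: vim /etc/elasticsearch/elasticsearch.yml and add:
xpack.security.enabled: true
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.enabled: true
# These settings add authentication, but the HTTP API on 9200 is still plain
# HTTP: Basic-auth credentials travel unencrypted unless
# xpack.security.http.ssl.* is configured as well.

# Cross-origin access
# Only browser-based tools served from another origin need CORS; Kibana talks
# to Elasticsearch from its server side. With Authorization in allow-headers, a
# wildcard origin would let a page from any site send authenticated requests
# from a user's browser. List the exact origin(s) that need access instead.
# The origin below is a constructed example - replace it, or drop the three
# http.cors.* lines if no such tool is used.
http.cors.enabled: true
http.cors.allow-origin: "https://admin-ui.example.internal"
http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type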
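## Restart the container so the security settings take effect
docker restart elk
## Inside the container, set the passwords of the built-in users:
cd /opt/elasticsearch/bin
./elasticsearch-setup-passwords interactive
## Enter a long, unique password for each built-in user when prompted.
## Do not use a guessable value such as 123456: ports 9200 and 5601 are
## published on the host, so these passwords are what protects the cluster.
## To change the elastic password later:
## The new password is read from a prompt and sent on stdin, so it does not end
## up in shell history or in the process list (curl prompts separately for the
## current password because of `-u elastic`). The endpoint is plain HTTP, so run
## this from a trusted network until TLS is enabled on the HTTP layer.
## A password containing " or \ must be JSON-escaped first.
read -r -s -p 'New password for elastic: ' NEW_ES_PWD; echo
printf '{ "password" : "%s" }' "$NEW_ES_PWD" | curl -H "Content-Type:application/json" -XPOST -u elastic 'http://192.168.0.88:9200/_xpack/security/user/elastic/_password' --data-binary @-
unset NEW_ES_PWD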
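## Or send the same request from Kibana Dev Tools.
## <NEW_STRONG_PASSWORD> is a placeholder - use a long, unique value, not 123456.
POST /_security/user/elastic/_password
{
  "password": "<NEW_STRONG_PASSWORD>"
}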
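## Then edit kibana.yml (vim /opt/kibana/config/kibana.yml) and add:
elasticsearch.username: "kibana_system"
# Placeholder - use the password chosen for kibana_system during
# elasticsearch-setup-passwords. Kibana can also read this value from its
# keystore (kibana-keystore add elasticsearch.password), which keeps the
# secret out of kibana.yml altogether.
elasticsearch.password: "<KIBANA_SYSTEM_PASSWORD>"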
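## Update the Logstash output configuration
## The password is referenced as ${ES_PWD} instead of being written into the
## pipeline files. Provide it through the Logstash keystore
## (logstash-keystore add ES_PWD) or as an environment variable of the Logstash
## process; Logstash will not load the pipeline while the variable is undefined.
## "elastic" is the superuser. A dedicated user whose role can only write to
## these indices limits the damage if the Logstash host or config is exposed.
## NOTE(review): if conf.d is loaded as a single pipeline, every event is sent
## to both outputs below - confirm that the duplication is intended.
vim /etc/logstash/conf.d/02-beats-input.conf
output{
    elasticsearch {
      hosts => ["localhost:9200"]
      index => "log-%{appName}-%{+YYYY.MM.dd}"
      user => "elastic"
      password => "${ES_PWD}"
  }
}
vim /etc/logstash/conf.d/30-output.conf
output {
  elasticsearch {
    hosts => ["localhost"]
    manage_template => false
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
    user => "elastic"
    password => "${ES_PWD}"
  }
}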
# 退出后,重启elk
docker restart elk
# 测试
访问 ip:9200  ip:5601

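# Create an index (or simply create the first index pattern in Discover)
## Manual test document. Not needed when logs are pushed from the application,
## because this record then looks out of place next to the real ones.
## Authentication was enabled above, so the request must carry credentials;
## `-u elastic` makes curl prompt for the password instead of putting it on the
## command line. The connection is plain HTTP, so use a trusted network.
curl -H "Content-Type: application/json" -u elastic -XPOST 'http://192.168.0.52:9200/fzai-log-2021-08-08/test-log' -d '{"code":200,"message":"测试"}'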

添加ik中文分词器插件

1、下载

https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v7.13.2/elasticsearch-analysis-ik-7.13.2.zip

2、将解压后的文件夹上传到服务器

3、将文件夹复制到容器,然后重启容器

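# Copy exactly ONE plugin version: the ik build must match the Elasticsearch
# version running in the container (the version is shown in the JSON returned
# by port 9200), and Elasticsearch will not start with a plugin built for a
# different version. 7.13.2 matches the download link above; change IK_VERSION
# and the source path to wherever the folder was uploaded (this page also uses
# 7.16.2 and 7.16.3, the latter under /home/elk).
# A plugin runs inside the Elasticsearch JVM, so only install an archive taken
# from the project's own release page, and compare it against a published
# checksum when one is available.
# With the mounted variant, /opt/elasticsearch/plugins is
# /home/elk/elasticsearch/plugins on the host.
IK_VERSION="7.13.2"
docker cp "/home/elasticsearch-analysis-ik-${IK_VERSION}" elk:/opt/elasticsearch/plugins
docker restart elk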

4、测试

POST _analyze
{
  "analyzer": "standard",
  "text": "进口红酒"
}
POST _analyze
{
  "analyzer": "ik_smart",
  "text": "进口红酒"
}
POST _analyze
{
  "analyzer": "ik_max_word",
  "text": "进口红酒"
}

推送 springboot 项目日志到 elk

添加依赖

<!-- ELK-related logging dependencies -->
<!-- NOTE(review): these are fixed, older releases. If the project inherits
     Spring Boot dependency management, an explicit <version> here overrides the
     managed logback/slf4j version and can hold the project on a release that no
     longer receives fixes. Check each version against current security
     advisories before pinning it. -->
<dependency>
    <groupId>ch.qos.logback</groupId>
    <artifactId>logback-classic</artifactId>
    <version>1.2.3</version>
</dependency>
<dependency>
    <groupId>org.slf4j</groupId>
    <artifactId>slf4j-api</artifactId>
    <version>1.7.25</version>
</dependency>
<!-- Logback encoder/appender that ships events to Logstash -->
<dependency>
    <groupId>net.logstash.logback</groupId>
    <artifactId>logstash-logback-encoder</artifactId>
    <version>5.2</version>
</dependency>

logback.xml

<?xml version="1.0" encoding="UTF-8"?>
<configuration debug="false">
    <!-- Console output for local reading -->
    <appender name="Console" class="ch.qos.logback.core.ConsoleAppender">
        <encoder>
            <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
        </encoder>
    </appender>
    <!-- Exposes spring.application.name to this file as ${springAppName}.
         NOTE(review): springProperty is a Spring Boot extension that Spring Boot
         documents as available in logback-spring.xml (or a file named through
         logging.config), not in a plain logback.xml - confirm the file name. -->
    <springProperty scope="context" name="springAppName" source="spring.application.name"/>
    <!-- TCP appender that sends JSON events to the Logstash tcp input.
         Events leave the application over an unencrypted, unauthenticated
         connection, so anything that gets logged (tokens, personal data, stack
         traces) is readable along the network path. Keep this traffic on a
         trusted network, or enable TLS on both this appender and the Logstash
         tcp input. -->
    <appender name="STASH_TCP_FZAI_LOG" class="net.logstash.logback.appender.LogstashTcpSocketAppender">
        <!-- Must use the port configured for the Logstash tcp input; the host is the server running Logstash; appName is the field the Logstash filter lower-cases -->
        <destination>192.168.0.52:5045</destination>
        <!-- An encoder is required -->
        <encoder charset="UTF-8" class="net.logstash.logback.encoder.LogstashEncoder">
            <customFields>{"appName":"${springAppName}"}</customFields>
        </encoder>
    </appender>
    <!-- Asynchronous wrapper around the TCP appender; discardingThreshold 0 means no events are dropped because of their level while the queue fills -->
    <appender name="ASYNC_STASH_TCP_FZAI_LOG" class="ch.qos.logback.classic.AsyncAppender">
        <discardingThreshold>0</discardingThreshold>
        <queueSize>256</queueSize>
        <appender-ref ref="STASH_TCP_FZAI_LOG"/>
    </appender>
    <!-- INFO and above go to both the console and Logstash -->
    <root level="INFO">
        <appender-ref ref="Console"/>
        <appender-ref ref="ASYNC_STASH_TCP_FZAI_LOG"/>
    </root>
</configuration>
